http://www.darkreading.com/vulnerability_management/security/privacy/showArticle.jhtml?articleID=222301034 By Tim Wilson DarkReading Jan 14, 2010 Lincoln National Corp. (LNC) last week disclosed a security vulnerability in its portfolio information system that could have compromised the account data of approximately 1.2 million customers. In a disclosure letter (PDF) sent to the attorney general of New Hampshire Jan. 4, attorneys for the financial services firm revealed that a breach of the Lincoln portfolio information system had been reported to the Financial Industry Regulatory Authority (FINRA) by an unidentified source last August. The company was planning to issue notification to the affected customers on Jan. 6, the letter says. The letter does not give technical details about the breach, but it indicates the unidentified source sent FINRA a username and password to the portfolio management system. "This username and password had been shared among certain employees of [Lincoln Financial Services] and employees of affiliated companies," the letter says. "The sharing of usernames and passwords is not permitted under the LNC security policy." FINRA declined to tell Lincoln whether the source of the username and password was a current employee or some other party, according to the letter. [...] ________________________________________ Did a friend send you this? From now on, be the first to find out! Subscribe to InfoSec News http://www.infosecnews.orgReceived on Fri Jan 15 2010 - 07:38:03 PST
This archive was generated by hypermail 2.2.0 : Fri Jan 15 2010 - 07:42:06 PST